Add landing page

Fix port mapping due to YAML interpreting numbers with a colon as base 60 numbers
Stop containers before updating the configuration
2023-02-15 14:03:22 +01:00 · 2023-02-15 14:02:56 +01:00 · 2023-02-15 14:02:20 +01:00 · 2023-02-15 14:01:28 +01:00 · 2023-02-15 14:00:52 +01:00 · 2023-02-08 11:30:37 +01:00
13 changed files with 391 additions and 93 deletions
--- a/containers/collabora/tasks.yml
+++ b/containers/collabora/tasks.yml
@ -0,0 +1,91 @@
+# code: language=ansible
+
+---
+- hosts: all
+  name: Collabora CODE container
+  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - collabora
+
+    # - name: Create podman volumes
+    #   containers.podman.podman_volume:
+    #     state: present
+    #     name: "{{ item }}"
+    #   become_user: containers
+    #   become: true
+    #   loop:
+    #     - collabora-config
+
+    - name: Create podman networks
+      containers.podman.podman_network:
+        name: "{{ item }}"
+        recreate: false
+        state: "present"
+      become_user: containers
+      become: true
+      loop:
+        - traefik-collabora
+        - nextcloud-collabora
+
+    - name: Pull container images
+      become_user: containers
+      become: true
+      containers.podman.podman_image:
+        name: docker.io/{{ item }}
+      loop:
+        - collabora/code:latest
+
+    - name: Add a collabora container
+      become_user: containers
+      become: true
+      containers.podman.podman_container:
+        name: collabora
+        image: docker.io/collabora/code:latest
+        state: present
+        cap_add:
+          - MKNOD
+        network:
+          - traefik-collabora
+          - nextcloud-collabora
+        # volume:
+        #   - collabora-config:/etc/coolwsd:Z
+        label:
+          io.containers.autoupdate: "registry"
+          traefik.enable: "true"
+          traefik.http.routers.collabora.entrypoints: "https"
+          traefik.http.routers.collabora.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/collabora`,`/browser`)"
+          traefik.http.routers.collabora.tls: "true"
+          traefik.http.routers.collabora.tls.certresolver: "wildcard"
+          traefik.http.routers.collabora.service: "collabora"
+          traefik.http.services.collabora.loadbalancer.server.port: "9980"
+          traefik.docker.network: "traefik-collabora"
+        env:
+          domain: "chef\\.heaplab\\.deib\\.polimi\\.it"
+          aliasgroup1: "chef\\.heaplab\\.deib\\.polimi\\.it"
+          username: "{{ vault_collabora_user }}"
+          password: "{{ vault_collabora_password }}"
+          extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.service_root=/collabora"
+        generate_systemd:
+          path: /home/containers/.config/systemd/user/
+          restart_policy: on-failure
+          names: true
+          new: true
+
+    - name: Start containers at boot
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        enabled: true
+        state: started
+        daemon_reload: true
+      loop:
+        - collabora
--- a/containers/drone-runner/tasks.yml
+++ b/containers/drone-runner/tasks.yml
@ -4,6 +4,16 @@
 - hosts: all
  name: Drone CI runner agent
  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - drone-runner
+
    - name: Get containers UID
      ansible.builtin.command: "id -u containers"
      register: uid_containers
@ -50,11 +60,11 @@
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.drone-runner.entrypoints: "https"
-          traefik.http.routers.drone-runner.rule: "PathPrefix(`/runner`)"
+          traefik.http.routers.drone-runner.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/runner/`) || Path(`/runner`))"
          traefik.http.routers.drone-runner.tls: "true"
          traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
          traefik.http.routers.drone-runner.service: "drone-runner"
-          traefik.http.routers.drone-runner.middlewares: "drone-runner-prefixstrip@docker"
+          traefik.http.routers.drone-runner.middlewares: "force-trailing-slash@file,drone-runner-prefixstrip@docker"
          traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
          traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
          traefik.docker.network: "traefik-drone-runner"
--- a/containers/drone-server/tasks.yml
+++ b/containers/drone-server/tasks.yml
@ -4,6 +4,16 @@
 - hosts: all
  name: Drone CI server coordinator
  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - drone-server
+
    - name: Create podman volumes
      containers.podman.podman_volume:
        state: present
@ -48,11 +58,11 @@
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.drone-server.entrypoints: "https"
-          traefik.http.routers.drone-server.rule: "PathPrefix(`/drone`)"
+          traefik.http.routers.drone-server.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/drone/`) || Path(`/drone`))"
          traefik.http.routers.drone-server.tls: "true"
          traefik.http.routers.drone-server.tls.certresolver: "wildcard"
          traefik.http.routers.drone-server.service: "drone-server"
-          traefik.http.routers.drone-server.middlewares: "drone-server-prefixstrip@docker"
+          traefik.http.routers.drone-server.middlewares: "force-trailing-slash@file,drone-server-prefixstrip@docker"
          traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
          traefik.http.services.drone-server.loadbalancer.server.port: "80"
          traefik.docker.network: "traefik-drone"
--- a/containers/gitea/tasks.yml
+++ b/containers/gitea/tasks.yml
@ -4,6 +4,17 @@
 - hosts: all
  name: Gitea web server
  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - gitea
+        - db_gitea
+
    - name: Permit traffic from any IP to ssh port
      become: true
      community.general.ufw:
@ -87,8 +98,8 @@
        name: gitea
        image: docker.io/gitea/gitea:latest
        state: present
-        ports:
-          - 22:22
+        publish:
+          - "22:22"
        network:
          - traefik-gitea
          - mariadb-gitea
@ -100,11 +111,11 @@
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.gitea.entrypoints: "https"
-          traefik.http.routers.gitea.rule: "PathPrefix(`/git`)"
+          traefik.http.routers.gitea.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/git/`) || Path(`/git`))"
          traefik.http.routers.gitea.tls: "true"
          traefik.http.routers.gitea.tls.certresolver: "wildcard"
          traefik.http.routers.gitea.service: "gitea"
-          traefik.http.routers.gitea.middlewares: "gitea-prefixstrip@docker"
+          traefik.http.routers.gitea.middlewares: "force-trailing-slash@file,gitea-prefixstrip@docker"
          traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
          traefik.http.services.gitea.loadbalancer.server.port: "3000"
          traefik.docker.network: "traefik-gitea"
--- a/containers/heimdall/tasks.yml
+++ b/containers/heimdall/tasks.yml
@ -0,0 +1,93 @@
+# code: language=ansible
+
+---
+- hosts: all
+  name: Heimdall landing page
+  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - heimdall
+
+    - name: Create podman volumes
+      containers.podman.podman_volume:
+        state: present
+        name: "{{ item }}"
+      become_user: containers
+      become: true
+      loop:
+        - heimdall-config
+
+    - name: Create podman networks
+      containers.podman.podman_network:
+        name: "{{ item }}"
+        recreate: false
+        state: "present"
+      become_user: containers
+      become: true
+      loop:
+        - traefik-heimdall
+
+    - name: Pull an image
+      become_user: containers
+      become: true
+      containers.podman.podman_image:
+        name: lscr.io/linuxserver/heimdall:latest
+
+    - name: Add a heimdall container
+      become_user: containers
+      become: true
+      containers.podman.podman_container:
+        name: heimdall
+        image: lscr.io/linuxserver/heimdall:latest
+        state: present
+        network:
+          - traefik-heimdall
+        volume:
+          - heimdall-config:/config:Z
+        label:
+          io.containers.autoupdate: "registry"
+          traefik.enable: "true"
+
+          traefik.http.routers.heimdall.entrypoints: "https"
+          traefik.http.routers.heimdall.rule: "Host(`{{ vault_domain }}`)"
+          traefik.http.routers.heimdall.tls: "true"
+          traefik.http.routers.heimdall.tls.certresolver: "wildcard"
+          traefik.http.routers.heimdall.service: "heimdall"
+          traefik.http.services.heimdall.loadbalancer.server.port: "80"
+
+          traefik.http.routers.heimdall-settings.entrypoints: "https"
+          traefik.http.routers.heimdall-settings.rule: "Host(`{{ vault_domain }}`) && Path(`/settings`)"
+          traefik.http.routers.heimdall-settings.tls: "true"
+          traefik.http.routers.heimdall-settings.tls.certresolver: "wildcard"
+          traefik.http.routers.heimdall-settings.service: "heimdall"
+          traefik.http.routers.heimdall-settings.middlewares: "heimdall-auth@docker"
+          traefik.http.services.heimdall-settings.loadbalancer.server.port: "80"
+
+          traefik.http.middlewares.heimdall-auth.basicauth.users: "{{ vault_heimdall_basic_auth }}"
+
+          traefik.docker.network: "traefik-heimdall"
+        env:
+          TZ: "Europe/Rome"
+        generate_systemd:
+          path: /home/containers/.config/systemd/user/
+          restart_policy: on-failure
+          names: true
+          new: true
+
+    - name: Start containers at boot
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        enabled: true
+        state: started
+        daemon_reload: true
+      loop:
+        - heimdall
--- a/containers/nextcloud/tasks.yml
+++ b/containers/nextcloud/tasks.yml
@ -4,6 +4,18 @@
 - hosts: all
  name: Nextcloud file sharing web service
  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - nextcloud
+        - redis_nextcloud
+        - db_nextcloud
+
    - name: Pull container images
      become_user: containers
      become: true
@ -77,6 +89,7 @@
        - traefik-nextcloud
        - mariadb-nextcloud
        - redis-nextcloud
+        - nextcloud-collabora

    - name: Create redis instance
      become_user: containers
@ -139,18 +152,19 @@
          - traefik-nextcloud
          - mariadb-nextcloud
          - redis-nextcloud
+          - nextcloud-collabora
        label:
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.nextcloud.entrypoints: "https"
-          traefik.http.routers.nextcloud.rule: "PathPrefix(`/cloud`)"
+          traefik.http.routers.nextcloud.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cloud/`) || Path(`/cloud`))"
          traefik.http.routers.nextcloud.tls: "true"
          traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
          traefik.http.routers.nextcloud.service: "nextcloud"
-          traefik.http.routers.nextcloud.middlewares: "nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
+          traefik.http.routers.nextcloud.middlewares: "force-trailing-slash@file,nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
          traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
-          traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/cloud/.well-known/(card|cal)dav"
-          traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/cloud/remote.php/dav/"
+          traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/.well-known/(card|cal)dav"
+          traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/remote.php/dav/"
          traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
          traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
          traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud"
@ -170,10 +184,12 @@
          SMTP_AUTHTYPE: "None"
          SMTP_NAME: ""
          SMTP_PASSWORD: ""
-          MAIL_FROM_ADDRESS: "nextcloud"
+          MAIL_FROM_ADDRESS: "{{ vault_smtp_from }}"
          MAIL_DOMAIN: "{{ vault_smtp_domain }}"
          TRUSTED_PROXIES: "traefik"
          OVERWRITEWEBROOT: "/cloud"
+          OVERWRITECLIURL: "https://{{ vault_domain }}/cloud"
+          OVERWRITEPROTOCOL: "https"
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
--- a/containers/portainer/tasks.yml
+++ b/containers/portainer/tasks.yml
@ -9,6 +9,16 @@
      register: uid_containers
      changed_when: uid_containers.rc != 0

+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - portainer
+
    - name: Pull portainer image
      become_user: containers
      become: true
@ -48,11 +58,11 @@
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.portainer.entrypoints: "https"
-          traefik.http.routers.portainer.rule: "PathPrefix(`/portainer`)"
+          traefik.http.routers.portainer.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/portainer/`) || Path(`/portainer`))"
          traefik.http.routers.portainer.tls: "true"
          traefik.http.routers.portainer.tls.certresolver: "wildcard"
          traefik.http.routers.portainer.service: "portainer"
-          traefik.http.routers.portainer.middlewares: "portainer-prefixstrip@docker"
+          traefik.http.routers.portainer.middlewares: "force-trailing-slash@file,portainer-prefixstrip@docker"
          traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
          traefik.http.services.portainer.loadbalancer.server.port: "9000"
          traefik.docker.network: "traefik-portainer"
--- a/containers/traefik/files/conf/force_trailing_slash.yml
+++ b/containers/traefik/files/conf/force_trailing_slash.yml
@ -0,0 +1,15 @@
+http:
+  middlewares:
+    force-trailing-slash:
+      chain:
+        middlewares:
+          - add-trailing-slash
+          - strip-after-slash
+    add-trailing-slash:
+      redirectregex:
+        regex: "^(https?://[^/]+/[a-z0-9_]+)$"
+        replacement: "${1}/"
+        permanent: true
+    strip-after-slash:
+      stripprefixregex:
+        regex: "/[a-z0-9_]+"
--- a/containers/traefik/tasks.yml
+++ b/containers/traefik/tasks.yml
@ -9,6 +9,16 @@
      register: uid_containers
      changed_when: uid_containers.rc != 0

+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - traefik
+
    - name: Permit traffic from any IP to http port
      become: true
      community.general.ufw:
@ -75,6 +85,8 @@
        - traefik-portainer
        - traefik-nextcloud
        - traefik-gitea
+        - traefik-collabora
+        - traefik-heimdall

    - name: Create traefik instance
      become_user: containers
@ -83,9 +95,9 @@
        name: traefik
        image: docker.io/traefik:latest
        state: present
-        ports:
-          - 80:80
-          - 443:443
+        publish:
+          - "80:80"
+          - "443:443"
        security_opt:
          - label=type:container_runtime_t
        volume:
@ -96,15 +108,16 @@
          - traefik-portainer
          - traefik-nextcloud
          - traefik-gitea
+          - traefik-collabora
+          - traefik-heimdall
        cap_add:
          - NET_ADMIN
        label:
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
-          traefik.http.middlewares.traefik-prefixstrip.stripprefix.prefixes: "/traefik"
          traefik.http.routers.traefik.entrypoints: "https"
-          traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`) || HeadersRegexp(`Referer`, `.*/traefik/.*`)"
+          traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/api`,`/dashboard`)"
          traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
          traefik.http.routers.traefik.tls: "true"
          traefik.http.routers.traefik.tls.certresolver: "wildcard"
--- a/containers/traefik/templates/conf/cockpit.yml.j2
+++ b/containers/traefik/templates/conf/cockpit.yml.j2
@ -1,10 +1,11 @@
 http:
  routers:
    cockpit:
-      rule: "PathPrefix(`/cockpit`)"
+      rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cockpit/`) || Path(`/cockpit`))"
      entryPoints: https
      middlewares:
-        - cockpit-stripprefix
+        - force-trailing-slash
+        - drop-xforwarded-proto
      service: cockpit
      tls:
        certresolver: wildcard
@ -14,9 +15,18 @@ http:
      stripPrefix:
        prefixes:
          - "/cockpit"
+    drop-xforwarded-proto:
+      headers:
+        customrequestheaders:
+          X-Forwarded-Proto: ""

  services:
    cockpit:
      loadBalancer:
+        serversTransport: nocertverify
        servers:
-          - url: "http://127.0.0.1:9090"
+          - url: "https://{{ vault_domain }}:9090"
+
+  serversTransports:
+    nocertverify:
+      insecureSkipVerify: true
--- a/host_vars/chef.heaplab.deib.polimi.it.yml
+++ b/host_vars/chef.heaplab.deib.polimi.it.yml
@ -1,69 +1,80 @@
 $ANSIBLE_VAULT;1.1;AES256
-39333532643966303936316430656133306365636266323238356465353438666664643735653036
-3261393138663336613866633439333536386465653636620a383932323939323762643666646635
-38353038393234636430383864636461373530626238366630396165353430616233393936336233
-3964396231643335320a376361623633646233343937663863613663323335316231643330396536
-34323464663065343531313639653238386666353036643337366635303737393933356464333432
-34353031623163663234626637376632313434326634343361343633646335633530343264306562
-34343834343564633032636537313964343864623434643131343464373431653262306535346563
-33666631323264633136363164613763386662653666356131613931613237303439623638616461
-35643530623665376631303932633031613737623034653262666439303839666665326136373630
-33653137323437643138643234633330386565396635353831613461326363333862336636626338
-39373064613936623563333734643837313066353761323435353761643566383533323962373133
-39643461633035613239613265366131396461656361646434333535646366343230303666313732
-63323565613339653537653332363436383633306363333330306132313338303466333466306565
-39386464323230323561646464373232353863323961363664323436313862303563313234383632
-64373036316235396330346434313635626262376435666134636663653337613561393337616635
-32323238623831623933373066633032333831356131343639333665386335613435373433333661
-61313234666261353464643066653331666561633835666135646236353533656137623465323162
-66626531643961353366643866666463356530376661623164333964353562306465336237353937
-64303635633562623964383966373865363135613438643165326637376239343566613739336462
-33363537356262383866383838306631383865363830623162333964363333316438303233633037
-61303537626364323638356632313563656463383632613736626133326131316362313263356637
-61373237333038666361343036643633623334396435333634613532396465363738616664656561
-34383730666463353932323432396330646566373662346364303231613063656237636164303263
-33633565303366636132316239373731633563393231363365373639356265323465326563326538
-62653834376232653636646664336565623137613434366662313738393261373165323764373736
-37616435653033633634373364616630373163626162646336373532643030633863326562333333
-30316433626565303366313036353836386564363936643238366137646666303932623764323461
-34636566396137343261363630313239326464326437306666656233636139643439383739616637
-30306534386663323761313530393737643536306131316363366335636437313335336164636334
-30363336306336363837386663626461363465396235323861643664323664643139663537386363
-66636134313661346465323066613934396566333033616462653831396134366234393735336132
-31353037613136613232346631393433626339316539656236313661376662376630623233363831
-35366131643334656532333634383364666461353133646563386138626266303339663662636335
-66303835333631356665386133616666613337643538376164363334343934326264383533656431
-66616362303230303932663931306661643066626638663537633566303862326365653435376230
-61613230376462383530323063343366613561633130313736313236396433306439356532383262
-38306565306637623733653235643362303737383533663739366632616437306162626661353362
-31613932333039613063643666316635316363663236663836643539613364656131316138386332
-61636135383430653535323734366437633830336462373162343634323935313235656439316361
-63663230373330626331393863633461343434633736316166613033636134393837393564326364
-63393231376435643836393233303536303434626530373363343664636634363366393463316137
-63386163613839336132366363333965313737303838386465336331316232303561643233376666
-37363130646230366264653965316436316238306231643663353936623932356462373538356536
-35323739336432353664386236306364353236656330643965363461313732313838663464653834
-35336166663033666139666234613131343030613066623363343837316464356137623436653263
-63356564663362343062653964326138376663633562333764643830623931383566663831666661
-64353632653130343839616233626638616537326138363438303661386138336163303266303233
-62353138396461373739643864376261326662356466313932326534633135363639323065346166
-64393931636432383437323931333633626538326334623361623837363538313766333433333333
-64653062366366393533636333633337663034623737663766663762383863333561326637313431
-34306132663061626166316562653063613964306232356264333264613031636434616430353530
-64343762643832613937623834653763396430373438363531636339613038303064326665383038
-32393364653330653965623938363132633865666665306262303234376334373238326130333939
-31353462626365303031313965346538346237643331326362353032653731343764303864383133
-64366461303665313562373463353961633732313631303439663432373533393064366130306266
-61356332643161306135643838303863366364633239376165316338323162373631656266663062
-34306539353262333964643062306564656435663861323861613738616436643266313730343739
-36646662653032366230336463313333656436356661653838656233663638316661643866373865
-66356332316338343565333035303932356334643163353139623138346235313639383363396338
-30653866323962653132656133626539323862666433613063633730333766303763326163396530
-64376461613930376364666439326163353061356630373463643839316263626661323139316131
-36356130613032333531633831653061653165386533393933663935666439303935303634313732
-35623731313030333264646465353066393534333934663535343130316637353765366264653564
-33323834313834653034373163623132616633626337356461346361353732653339393163313139
-65393535666234323832313865346635383433333839356364623065323933653332326134633331
-35633664666330306234656638633933646539643866313162613539373131323962383363653566
-38373662626136323463393630346134663936303963373065626331656130353066346666363564
-62373431643133353536
+38343663613164616165313862356365343939336537653566313831623633613732336635313164
+3633356634376334643136323431306261366134376637360a323339346463373637373965336337
+63663130636364633334626237613430313833386165646231353639346466393535623838353337
+6463303161343630640a343433383465343432323032653861366233363761343931353764343236
+65613763653334353461363966663832366632363565656537646366346637623837366663346464
+33656634373163306537393631633239626432643963646534323739633266373130363535613136
+61353933666130363765643965623030623737386264636632386635626266323563613133663165
+63316438623732613361333136353230313763396463363233633266393862333238363331363231
+33343963626533623931306637353236323065616631363633623433366634346331316637393565
+39643564333065353866616566643436383630666439623730376561663831376566363132316230
+61663938366566653165383636343138366437636361663764643939636233343532373131346361
+66363433656338316434646166666331323538393139623632613837333933353932333464613134
+36396232333461353930623935613364343333356133396530653330323963653665386461383664
+38666433623135316161326661336561376262363361376135613035306532626238633262616234
+64336330386565663034333662373331343931323937646436323666633439333864363061386164
+65623338396637303162373331346430613233396362613465356631316566346239326132396464
+32626639656238666565636537663365316630653535656137303234653032363865396633656435
+33373662623565303062346637363134393161313237656139356361653163393536386563636261
+38386463646634336263623032653433336334326666376166653739656165343965613466663238
+31376534383065366635386563656334623232383730626663393765663834613862656139656464
+62373062633539396632323536373039313031366637653464313735656534336239343838316464
+65366538663464353064353864346432383866313935626633633434636436653863393735626639
+32626332316439326661623233333032356362373537663366633538313761616435366639346230
+30633234616331336631336431633037633066616237623736663661313464303934373565663136
+31353265386237363031323262393232353766303763626565666438643339336235393936366230
+32623636386334326235663061623236393066326666326337343635616366313436626662316237
+34636661396139373863663130386631333437643665333631616234333730623032376237646432
+34396631613766346630333831643035393538356234343134313466386335633539623335373265
+30626330303939653362353364376331643638336137616133326532336638633639326261313164
+37353638306138343939326632393634623432383531346466643931343839666137383637643930
+35646531656235396137626535323162396163323330646535663639656136346165356434363065
+36636165373031376639623866373264613035353439643837623536326439336638646530316531
+62343130326461636231626531636436663162396361633264633031373865623830326461313935
+31353831303838346436373935613765646638373861346435393566333438383239393465643535
+32316539623362383661643363336236346331346335623938653530613866333231643130353530
+61633936623061646533613938353763343137623037363639393836306531333739383537343933
+35353034373563633437326530616138336438333930326536616630356231316430613035643932
+66663134613234356237363632393762356463383133353034323132376266636465313966316536
+32353731343862306562396435653231376666363931636234323330383763613565303361646339
+31333033653764333932373965613563356131373432393933643666653735633939316237353061
+38653363626233353161363134333834363663303530343938313261666632356234326531313238
+62356161343230646633633531333738376335396539626431373732313833613539343531623066
+32303237363161396439623131656163626132303765326461306632323435343063653563656334
+65613830653335386662663031653839363934656437343730303065396363636537346237306138
+30316131613865393861383639663161303734336133346262383365323666623237386262663337
+35663637393032633764623635343466363366316536643539306339363130316238633630336362
+35393230393436393436383537646163613334363130336163636230633639623738623766666537
+35356432326666663539313337306230313937616332653134346136363236383036653462363031
+38643432356534396466656261373762633132363833663561613636316435666463343135393363
+65623063626564313131383534313661356637396166383930643936303337666437643861323931
+38333238373866336433356561626561306330313034626233616533663866613930383735393336
+61666339636466376633643731303065333337656162396634343032623939656231633838613136
+66386233663231616638616163363430636233346465636461313864343436323664316638636132
+66376466343662343938356537333730646265393032613738393832646364323737363437343538
+31666436666664353161626462316161326262363166373835653462643935356465386132656233
+64613839353235663564633765653936306261303639343265653765633131666366363930643634
+35333039326130656234626135663031343839336633373564333930313134383630646566386261
+65306237353235333865643666353064383663663234386233666164313461633738396465366139
+36646335663461303736646362343534623334366134303138323535656635316433356230663137
+39633939613563353761376339633031623531633262326164326630343239633434666665386566
+36633039653161316135353463373331373937393864643338643633656530313431646530303737
+65386337323235663263306163616136363030363634373536366331646439336264366664613664
+36323235363838653062313863663864336262646236653466313534663461636637303434333362
+62653364316535393237383864646237633064656337393932383038623331633738343235323333
+32646333316432623733646437383836376666626139623261386635333433373536613435396136
+34393033663332303634616261333236383565653934303437396134623130383836643035386638
+37616561353130656439373863656466636361646234363337343766613938323836373866656666
+66663035333032616262313734323536616331633337346333343634643064643862663030653434
+64633939623731633232363734306137616434373466396561313961663931373162333138373533
+33393562363632383665633938316139623238376536316332376663313661316361633337383431
+34316337643664363462636364666637623036323861636231373539643134633937366166376233
+32663730316230626337396165333034313637373435623933313966386330633634646134323865
+65383636376632373363306430653039353039393738646133393635383038366662393634346265
+37623931343664383665666130656432613038343830383531613435333336313362343333663831
+35313734326666396566633132663735373162323937323064336133636264313338373462386339
+39636635353130646237323834393963396238653633623161653539636263316534636461363437
+64656463613565636231336635613937383537393561353463343530376238623532366335366430
+35363739666335343436643433376432633762623661376161373539633662323633643939316134
+663339383635626333363365323634623535
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@ -30,6 +30,15 @@
    group: root
    mode: 0644

+- name: Permit traffic from any IP to cockpit socket
+  become: true
+  community.general.ufw:
+    direction: in
+    from_ip: any
+    proto: tcp
+    to_port: 9090
+    rule: allow
+
 # - name: Reboot
 #   become: true
 #   ansible.builtin.reboot:
--- a/roles/cockpit/templates/cockpit.conf.j2
+++ b/roles/cockpit/templates/cockpit.conf.j2
@ -1,4 +1,3 @@
 [WebService]
-Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ ansible_host }} ws://{{ ansible_host }} https://{{ ansible_host }} wss://{{ ansible_host }}
+Origins = http://{{ inventory_hostname }} ws://{{ inventory_hostname }} https://{{ inventory_hostname }} wss://{{ inventory_hostname }} http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 ws://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 https://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090 wss://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:9090
 ProtocolHeader = X-Forwarded-Proto
-AllowUnencrypted=true
Author	SHA1	Message	Date
Francesco Antognazza	7926457cda	Add landing page	2023-02-15 14:03:22 +01:00
Francesco Antognazza	b5be87961a	Fix port mapping due to YAML interpreting numbers with a colon as base 60 numbers	2023-02-15 14:02:56 +01:00
Francesco Antognazza	7bc4235fd3	Stop containers before updating the configuration	2023-02-15 14:02:20 +01:00
Francesco Antognazza	e5a2075849	Fix cockpit instance	2023-02-15 14:01:28 +01:00
Francesco Antognazza	71a8507928	Add more selective match to increase the regex precedence	2023-02-15 14:00:52 +01:00
Francesco Antognazza	0957ad5f1c	Add workaround for nextcloud not generating URLs with HTTPS protocol when behind a reverse proxy	2023-02-08 11:30:37 +01:00
Francesco Antognazza	b4c55cffc9	Fix collabora configuration	2023-02-08 10:44:40 +01:00
Francesco Antognazza	802fa7625c	Update vault	2023-02-07 17:33:49 +01:00
Francesco Antognazza	cc263ab01c	Add collabora container	2023-02-07 17:28:46 +01:00
Francesco Antognazza	5f1b513f13	Fix nextcloud 'FROM' address field	2023-02-07 17:28:22 +01:00